HTTP not redirecting to HTTPS

pixel375 · June 21, 2021, 7:54pm

Having trouble getting auto redirect from http to https to work.
First time a user visits anonstv.com, it goes to http://anonstv.com. But if that same user then visits https://anonstv.com, it will auto redirect them to the https one in future, I believe that is due to HSTS.
The http one just shows the servers phpinfo page instead of showing the website content.

Domain: anonstv.com
Hosting: Hostinger VPS
OS: Ubuntu 18.04
Certbot: 0.27.0

Command used to create certificate:
sudo certbot --apache --agree-tos --redirect --uir --hsts --staple-ocsp --must-staple -d www.anonstv.com, anonstv.com --email email@email.com

/etc/apache2/sites-available/

<VirtualHost *:443>
ServerAdmin admin@anonstv.com
ServerName anonstv.com
ServerAlias www.anonstv.com
DocumentRoot /var/www/anonstv.com

<Directory /var/www/anonstv.com>
Options FollowSymLinks
AllowOverride all
Require all granted

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.anonstv.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.anonstv.com/privkey.pem
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
Header always set Content-Security-Policy upgrade-insecure-requests

SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)

/etc/apache2/sites-available/le-redirect-anonstv.com.conf

<VirtualHost *:80>
ServerName anonstv.com
ServerAlias www.anonstv.com
ServerSignature Off

RewriteEngine On
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

ErrorLog /var/log/apache2/redirect.error.log
LogLevel warn

/var/www/anonstv.com/.htaccess

RewriteEngine On
RewriteCond %{HTTP_HOST} anonstv.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://anonstv.com/$1 [R,L]
.
.

Note: It seems like the http version of the site completely skips over reading the conf files, and skips over .htacces, and just resolves to the servers IP address. I have set this all up on 2 domains now on the server with the same result.
Other domains that I have cloudflare ssl on are working fine.
Allow Override is set to All aswell.

Osiris · June 21, 2021, 8:18pm

That's correct.

The fact your webserver ignores your configuration files could be due to the fact your webserver has multiple VirtualHosts for the same servername/serveralias configured.

Please show the output of sudo apachectl -S.

pixel375 · June 21, 2021, 8:27pm

Both domains doing the same thing, anonstv.com and anonunited.com

Osiris · June 21, 2021, 8:47pm

The configuration file /etc/apache2/sites-available/le-redirect-anonstv.com.conf doesn't seem to be enabled.

pixel375 · June 21, 2021, 8:51pm

Ah yes, I had disabled it while I was troubleshooting. I re-enabled it, but issue remains

Osiris · June 21, 2021, 9:01pm

Ah, I see it know, I think..

In downtherabbithole.com.conf, you've set up the VirtualHost using the IP address (31.220.109.71) of the server instead of using a wildcars/asterisk (*). By using the IP address, that VirtualHost takes precedence above the VirtualHosts with the wildcard.

So if you'd change 31.220.109.71:80 to *:80, all should be good.

pixel375 · June 21, 2021, 9:06pm

Wow! Great catch! I had no idea that it would break things. Thank you very much!

griffin · June 22, 2021, 1:04am

That's impressive, @Osiris. Not many people understand the order of operations of Apache VirtualHost matching at play.

In case anyone wants the full skinny:

https://httpd.apache.org/docs/current/vhosts/details.html

Osiris · June 22, 2021, 5:55am

Another thing I noticed just now is that the Virtualhost for downtherabbithole.com is configured in downtherabbithole.com.conf as wel as in 00000-000-default.conf. This might or might not lead to different unexpected behaviour.

system · July 22, 2021, 5:55am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.